Symantec Identifies a China-Based Hacking Group that Attacks Mostly US Firms

A recent report released by Symantec revealed that a group of professional hackers has been responsible for several attacks on PC systems around the world since 2009. The security vendor identified the group as Hidden Lynx, which has about 50 to 100 members, mostly from China.

The company thinks that Hidden Lynx was responsible for many high-profile attacks, including the Operation Aurora espionage in 2010. In that attack, a number of major businesses were targeted, including Google Inc and Microsoft Corp. The group was also responsible for the recent attack on Bit9 and the watering hole operations against several US organizations.

The Hidden Lynx

Symantec disclosed that Hidden Lynx has access to several malware tools that are sophisticated enough to cause serious problems for targets. Among those tools is ‘Trojan Naid,’ which is reserved for high-profile targets like those involved in Operation Aurora. ‘Backdoor Moudoor’ is another malware tool that seems to be employed for general-purpose and simpler hacking attacks.

This group may already have a long history of attacks. It has targeted organizations and businesses, the financial services sector, the defense industrial base, governments, engineering firms, supply chain systems, and education agencies. Symantec disclosed that more than 50% of those attacks have targeted US-based enterprises.

Two teams

However, Hidden Lynx may lack organization within itself. In fact, there are two teams within the group. The A-team is the smaller faction but is composed of elite hackers. This team has access to more sophisticated malware tools like Trojan Naid. It is usually deployed for special operations that require a higher degree of skill and secrecy.

Meanwhile, the B-team could be considered the foot soldiers. They are more responsible for carrying out a huge number of attacks. The malware they use is simpler, such as Backdoor Moudoor.

Persistent efforts

Despite the factions, Hidden Lynx could still be notorious overall. The group has impressive problem-solving skills. Both teams are capable of looking for several other ways to infect and compromise targets by exploring their partners, service providers, and vulnerable suppliers.

Lastly, most of the activities and attacks of Hidden Lynx appear to have been hosted and deployed from China. However, Symantec emphasizes that there is no evidence to prove any suspicion that the group is sponsored by any government. It should also be noted that many of its victims are also based in China.
